Age | Commit message (Collapse) | Author | Files | Lines |
|
We don't use docker_image for anything. It is a remant of the
pre-composable docker templates and we can now remove it.
This patch removes references to the 'docker_image' section
from docker/post.yaml and all of the docker/services* templates.
Change-Id: I208c1ef1550ab39ab0ee47ab282f9b1937379810
|
|
|
|
|
|
|
|
The patch this depends on passes through the classes some parameters
that are meant to be passed via t-h-t. This patch addresses these and
other things required for deploying these services over httpd:
* Set the number of workers taking care not to set this value to 0.
* Add the apache base hieradata to the service profiles.
* Set the servernames and other httpd-specific values.
bp tls-via-certmonger
Change-Id: I88e5ea7b9bbf35ae03f84fdc3ec76ae09f11a1b6
Depends-On: I23971b0164468e67c9b3577772af84bd947e16f1
|
|
This updates the docker/service README so that it
correctly documents the current requirements of the new
puppet_config interface.
Change-Id: I0f3e00ea3cce24152475abf6df34f4836e32c9c8
|
|
This patch allows operator to create SSL certificates for SSL auth to RabbitMQ.
Change-Id: I250aedcfdbe3b7a7e8c611c0e6122cf8fe0edda4
|
|
|
|
|
|
|
|
|
|
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
|
|
|
|
|
|
There is currently an issue where the max open files limit is hit with
MariaDB in noha deployments, because it is defaulted to 1024 by system
limits. In HA deployments the limit is bumped to 16384. This patch
introduces a flag to be able to increase the limit to 16384 for noHA
deployments.
In the future we should change this to be an integer, and let the
operator decide the setting. Since this setting is set in a different
path for HA, we would need to implement a change that allows setting
both (ha and nonha) via the same integer param.
Depends-On: Ia0907b2ab6062a93fb9363e39c86535a490fbaf6
Closes-Bug: #1648181
Related-Bug: #1524809
Change-Id: I95393fc798b833a8575afbff03ef74a839565c5e
Signed-off-by: Tim Rozet <trozet@redhat.com>
|
|
This patch moves enabling Zaqar docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I6755eb7ae2abb2b9c8b213ff6fd21b0392353ef5
|
|
This patch moves enabling Mistral docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I8b484532de5f5d61fc0240defbc5fc27789a1279
|
|
This patch moves enabling Ironic docker services into
a separate environment in the environments/services-docker
directory.
Change-Id: I236de47d422b3563a0192359f2327610fc1714ca
|
|
Configure keystone_authtoken for Sahara service.
Change-Id: I045b7d1d52851ab0d532a8524fcea95705e3db78
Partial-implement: blueprint keystone-v3
|
|
|
|
This also moves the explicit usages of the Keystone V3 endpoint fromt he
EndpointMap, as using the uri_no_suffix defeats that usage.
Change-Id: I5f07a0cee07fa28b88c419e25e014094004b1bce
Partial-Implement: blueprint keystone-v3
|
|
This is now required per the puppet_config interfaces for docker
services (per I208c1ef1550ab39ab0ee47ab282f9b1937379810)
Change-Id: Iab96919cb0a6b15942f3c19f8d28205261174edc
|
|
A recent commit [1] change how docker is installed and configured on
the overcloud nodes, from a cloud-init script to a proper puppet
profile in puppet-tripleo but forgot to enable the docker service on
the compute nodes.
[1] Ia50169819cb959025866348b11337728f8ed5c9e
Change-Id: I202723d0e48f110e5b0dbfe3dcf6646da9f37948
|
|
|
|
glance-base is not useful anymore since we only run Glance API service
and there is no plan yet to add new services for Glance. Let's cleanup
this useless service and consolidate glance-api service.
Change-Id: I73cd0def2ae73e0bd52104c6710998df4a0d2e58
|
|
This patch makes the neutron-l3 docker service adhere
to the new puppet_config interface.
Change-Id: If5b73ec90637e878af55c8404d1eff8c18e857c3
|
|
|
|
This means we can remove the special BannerText hiera reference
in the puppet-tripleo profile
Change-Id: Id4c8b853fa0e9bcdffe2cf7cd1554a9be7451b25
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Change-Id: I1b5658efaaa26c473ceef184a962ec320f267ffe
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
|
It will allow to configure keystone event notifications
using CADF, as documented on:
https://docs.openstack.org/developer/keystone/event_notifications.html
CADF events provide auditing capabilities for compliance with
security.
Change-Id: Id16b264c295b9e3adbf960366ff8328ba8dcd485
|
|
This aligns the docker based services with the new composable upgrades
architecture we landed for ocata, and does a first-pass adding upgrade_tasks
for the services (these may change, atm we only disable the service on
the host).
To run the upgrade workflow you basically do two steps:
openstack overcloud deploy --templates \
-e environments/major-upgrade-composable-steps-docker.yaml
This will run the ansible upgrade steps we define via upgrade_tasks
then run the normal docker PostDeploySteps to bring up the containers.
For the puppet workflow there's then an operator driven step where
compute nodes (and potentially storage nodes) are upgrades in batches
and finally you do:
openstack overcloud deploy --templates \
-e environments/major-upgrade-converge-docker.yaml
In the puppet case this re-applies puppet to unpin the nova RPC API
so I guess it'll restart the nova containers this affects but otherwise
will be a no-op (we also disable the ansible steps at this point.
Depends-On: I9057d47eea15c8ba92ca34717b6b5965d4425ab1
Change-Id: Ia50169819cb959025866348b11337728f8ed5c9e
|
|
This uses a puppet-tripleo profile to configure and start docker
in step1 of the deployment, which is before we attempt to deploy
any containers (see docker/services/README.rst#docker-steps)
This enables existing environments on upgrade to configure things
correctly, without using the docker/firstboot/setup_docker_host.sh
- the firstboot approach may still be needed for atomic, but for
environments where we can run puppet on the host this integrates
more cleanly with our existing architecture I think.
Depends-On: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
Change-Id: If4ffe21579bcb2770f4e5a96be7960b52927a27b
|
|
|
|
|
|
Change-Id: I54a3cac11ae63c553f831a3f8eeca2cbe4cc88d3
Signed-off-by: Feng Pan <fpan@redhat.com>
|
|
It doesn't work downstream, so the httpd command was recommended.
Change-Id: I4807333b80dad10f16e5deb56cbfdda656cd1e50
|
|
|
|
|
|
|
|
The new hiera hook in I21639f6aadabf9e49f40d1bb0b1d0edcfc4dbc5e
was added to most of the tripleo-heat-templates in
Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
The new hook is installed by default if you use tripleo-common
Ia1864933235152b7e899c4442534879f8e22240d and will be installed
as part of the Newton to Ocata upgrades workflow in
I0c7a32194c0069b63a501a913c17907b47c9cc16
In order to use the new hiera data as part of the upgrade we
need to remove the old hieradata which will break anyone still
defining and using it. This change updates the remaining vendor
plugin manifests to use the new hiera hook. The pre-requisite
is that the new hook is installed on their overcloud (as above
it comes if you follow the N..O upgrade)
Change-Id: Ic95154734cb21e6b941c7f1569295b413963831d
|
|
A change to puppet-tripleo (Iea5607dbb3ee6b1dd50acc1395de52dc920aa915)
altered altered which hieradata was consumed for octavia. This updates
the heat templates to sync with that change.
Change-Id: I572dd4c25f25ab2ea8b10cabfa4773fae2a2bc91
Closes-Bug: #1670058
|
|
|
|
|
|
|